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Status of this Memo 


This memo provides information for the Internet community. It does 
not specify an Internet standard of any kind. Distribution of this 
memo is unlimited. 


Copyright Notice 
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Abstract 


The Trivial File Transfer Protocol (TFTP) is a very simple TRIVIAL 
protocol that has been in use on the Internet for quite a long time. 
While this document discourages its continued use, largely due to 
security concerns, we do define a Uniform Resource Identifier (URI) 
scheme, as well as discuss the protocol’s applicability. 


1. Introduction 


The Trivial File Transfer Protocol (TFTP) has been around for quite 
some time. Its common uses are to initially configure devices or to 
load new versions of operating system code [1]. As devices begin to 
adopt use of Uniform Resource Identifiers (URIs) and Uniform Resource 
Locators (URLs), for completeness we specify a way to reference files 
that is still quite common. Use of a URI is a convenient way to 
indicate underlying mechanism, server name or address, and file name. 


WHILE WE DEFINE THE TFTP URI TYPE, WE STRONGLY RECOMMEND AGAINST THE 
CONTINUED USE OF TFTP, FOR REASONS LISTED IN SECTION 5 (amongst 
others). The definition of a URI merely allows tools that currently 
use protocols such as TFTP to have a standard name space and 
structure where one can understand the process used to resolve that 
name. Indeed it is hoped that the definition of this URI will ease 
transition to modern file transfer mechanisms. 
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2. Syntax of a TFTP URI 
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A TFTP URI has the following ABNF syntax [2]: 


tftpURI = "tftp://" host "/" file [ mode ] 

mode = ";" "mode=" ( "netascii™ / "octet" ) 
file = *( unreserved / escaped ) 

host = <as specified by RFC 2732 [3]> 
unreserved = <as specified in RFC 2396 [4]> 
escaped = <as specified in RFC 2396> 


A TFTP URI specifies a file that is to be found or placed on a TFTP 


server. 
be transferred. 
"octet". 
adopted, 


If left unspecified, 
and is not specified. 
250s 


Encoding Rules 


Aside from syntax as described above, 


specify length limits to either file names or file sizes. 


case of file names, 


The "mode" option is an option indicating how the file is to 


the mode is assumed to be 


A third "mail" mode was deprecated at the time RFC 1350 was 


the TFTP protocol does not 
In the 


they may contain any character so long as those 


characters are properly escaped as described above. 


3. Semantics and Operations 


As previously stated the TFTP URI is a reference to a file. 
allowed operations on a TFTP URI are read and write. 


The 
When a TFTP URI 


is read the underlying mechanisms retrieve the named file via the 


TFTP protocol from the specified host 
mode. When a TFTP URI is written the 
a file via TFTP to a specified server 
using the optionally specified mode. 
supported. 


with the optionally specified 
underlying mechanisms transmit 
to either the specified file 
No other operations are 


Note that it is not possible to retrieve file size information prior 


to retrieval, 
permissions prior to transfer. 
arrive intact, 
completeness. 
robust file transfer, 


Files 
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nor is it possible to determine file existence or 


transferred may or may not 


as there is no guarantee of reliability or even 
See the TFTP standard for more details. 
consider using either FTP or HTTP 


For more 
[5 Ol 
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4. Examples 
tftp://example.com/myconfigurationfile;mode=netascii 


This example references file "myconfigurationfile" on server 
"example.com" and requests that the transfer occur in netascii mode. 


tftp://example.com/mystartupfile 


This file references file "mystartupfile" on server "example.com". 
The transfer should occur in octet mode, since no other mode was 
specified. 


5. Security Considerations and Concerns about TFTP’s use 


Use of TFTP has been historically limited to those devices where a 
more full protocol stack is impractical due to either memory or CPU 
constraints. While this still may be the case with a toaster, it is 
unlikely to be the case for even the simplest piece of network 
support hardware, such as simple routers or switches. There are a 
myriad of reasons to use some protocol other than TFTP, only a few of 
which are listed below. 


TFTP has no mechanism for access control within the protocol, and 
there is no protection from a man in the middle attack. 
Implementations are left to their own devices in this area. Because 
TFTP has no way to determine file sizes in advance, implementations 
should be prepared to properly check the bounds of transfers so that 
neither memory nor disk limitations are exceeded. 


TFTP is not well suited to large files for the following reasons. 
TFTP has no inherent integrity check. There is no way to determine 
what one side sent is what the other received. There is no way to 
restart TFTP transfers from anywhere other than the beginning. TFTP 
is a lock step protocol. Only one packet may be in flight at any one 
time. There is no slow start or smart backoff mechanism in TFTP, but 
very simple timeouts. 


TFTP is not well suited to file transfers across administrative 
domains. For one thing, TFTP utilizes UDP, and many NATs will not 
either support or allow TFTP transfers. More likely firewalls will 
prohibit transfers. 


There are no caching semantics within TFTP. There is no safe way to 
cache information using the TFTP protocol. 
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In summary, use of TFTP is strongly discouraged except in the most 
limited of circumstances where memory and CPU are at the highest 
premium. 


6. IANA Considerations 


The IANA has registered the URL registration template found in 
Appendix A in accordance with RFC 2717 [7]. 
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this standard. Please address the information to the IETF Executive 
Director. 
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Appendix A. Registration Template 


URL scheme name: tftp 

URL scheme syntax: Section 2 

Character encoding considerations: Section 2 

Intended usage: Section 1 

Applications and/or protocols which use this scheme: [1] 
Interoperability considerations: None 

Security considerations: Section 5 

Relevant publications: [1] 

Contact: The author, Section 8 

Author/Change Controller: IESG 
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Full Copyright Statement 
Copyright (C) The Internet Society (2003). All Rights Reserved. 


This document and translations of it may be copied and furnished to 
others, and derivative works that comment on or otherwise explain it 
or assist in its implementation may be prepared, copied, published 
and distributed, in whole or in part, without restriction of any 
kind, provided that the above copyright notice and this paragraph are 
included on all such copies and derivative works. However, this 
document itself may not be modified in any way, such as by removing 
the copyright notice or references to the Internet Society or other 
Internet organizations, except as needed for the purpose of 
developing Internet standards in which case the procedures for 
copyrights defined in the Internet Standards process must be 
followed, or as required to translate it into languages other than 
English. 


The limited permissions granted above are perpetual and will not be 
revoked by the Internet Society or its successors or assignees. 


This document and the information contained herein is provided on an 
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
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